III. REMARKS 

Claims 1-2 and 4-39 are pending in this application. By this amendment, claims 1,11, 
18, and 29 have been amended. Applicants are not conceding in this application that those 
claims are not patentable over the art cited by the Office, as the present claim amendments and 
cancellations are only for facilitating expeditious prosecution of the subject matter noted by the 
Office. Applicants do not acquiesce in the correctness of the rejections and reserve the right to 
present specific arguments regarding any rejected claims not specifically addressed. Further, 
Applicants reserve the right to pursue the full scope of the subject matter of the original claims in 
a subsequent patent application that claims priority to the instant application. Reconsideration in 
view of the following remarks is respectfully requested. 

In the Office Action, claims 1, 2, and 4-39 are rejected under 35 U.S.C. § 103(a) as being 
unpatentable over Levergood et al. (US 5,708,780) in view of Applicant's own alleged admitted 
prior art (AAPA) and further in view of Abdo et al. (US 7,080,404). Applicants traverse the 
rejection on the following grounds. 

With respect to independent claim 1, Applicants assert that Levergood in view of AAPA 
and Abdo does not disclose each and every feature of the claim. For example, Levergood in view 
of AAPA and further in view of Abdo does not disclose, inter alia, "determining if the one 
command is required to be associated with the security value, wherein the command is required 
to be associated with the security value if the command can be used in a malicious attack." See 
claim 1 . Applicants assert that this feature is not taught by the cited references. Further, 
Applicants contend that this feature was discussed on December 12, 2008 with the Office and the 
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Office submitted that the amendment to include the feature of which commands are required to 
be associated with the security value would further distinguish the cited references. 

Applicants also reassert arguments made in the previous Amendment that the cited 
references fail to teach "preventing execution of the one command if the security value is not 
found with the one command or if there is an error in the security value; and returning an 
error message to the authenticated user if the security value is not found with the one command 
or if there is an error in the security value." See claim 1 . (Emphasis added). The Office 
asserts that Levergood allegedly teaches the feature of preventing execution of the command if 
the security value is not found and returning an error message to the authentication user for 
confirmation before the command is executed. Specifically, the Office points to Col. 5, lines 41- 
49, Col. 6, lines 26-65, and Col. 7, lines 65-47 of Levergood. See Office Action, page 4. 
However, Applicants maintain that Levergood fails to teach this feature and submit that 
Levergood, in addition to AAPA and Abdo, does not teach determining there is an error in the 
SID (which the Office points to as allegedly teaching the security value). Accordingly, 
Applicants assert that the cited references fail to teach each and every feature of claim 1 . 

In view of the foregoing, claim 1 patently distinguishes over Levergood, AAPA, and 
Abdo individually or in combination, and Applicants respectfully request that the rejection of 
claim 1 under 35 U.S.C. § 103(a) as allegedly being unpatentable over Levergood in view of 
AAPA and further in view of Abdo be withdrawn. 

With respect to independent claim 11, Applicants respectfully traverse the rejection and 
Applicants assert that Levergood in view of AAPA and Abdo does not disclose each and every 
feature of the claim. Claim 1 1 recites: 
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"A method for protecting a distributed application user, comprising: . . . 

generating, on a server, a single security value for the authenticated user, wherein 
the security value is a pseudo-random number; . . . 

determining if the one command is required to be associated with the security 
value, wherein the command is required to be associated with the security value if 
the command can be used in a malicious attack; 

executing the one command if the one command is not required to be associated 
with the security value; and 

if the one command is required to be associated with the security value: 

checking the one URL for the security value to determine if the one URL 

originated from the authenticated user; 

preventing execution of the command corresponding to the one URL if the 

security value is not found with one URL or if there is an error in the security 

value; and 

returning an error message to the authenticated user if the security value is 
not found with the one URL or if there is an error in the security value, wherein 
the error message prompts the authenticated user for confirmation before the one 
URL can be executed." (Emphasis added). 
For reasons that should be clear from the discussion of Levergood, AAPA, and Abdo set 
forth above, the combination of Levergood, AAPA, and Abdo does not disclose or suggest the 
method recited in claim 1 1 , including the limitations "determining if the one command is 
required to be associated with the security value, wherein the command is required to be 
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associated with the security value if the command can be used in a malicious attack;" "executing 
the one command if the one command is not required to be associated with the security value;" 
and "if there is an error in the security value." Rather, Abdo discloses an auto-reconnect data 
that is comprised of two different values and is for a server session. Further, the cited references 
fail to provide the determining feature and executing feature of claim 1 1 and do not disclose "if 
there is an error in the security value." 

In view of the foregoing, claim 1 1 patently distinguishes over Levergood, AAPA, and 
Abdo individually or in combination, and Applicants respectfully request that the rejection of 
claim 1 1 under 35 U.S.C. § 103(a) as allegedly being unpatentable over Levergood in view of 
AAPA and further in view of Abdo be withdrawn. 

With respect to independent claim 18, Applicants respectfully traverse the rejection and 
Applicants assert that Levergood in view of AAPA and Abdo does not disclose each and every 
feature of the claim. Claim 18 recites: 

"A system for protecting a distributed application user, comprising: . . . 

a security value system for generating a single security value for an authenticated 

user of a distributed application provided on a server, wherein every user is authenticated 

prior to generating the security value and the security value is a pseudo-random number; 

a command checking system for: 

determining if the one command is required to be associated with the 
security value and executing the one command if the one command is not required 
to be associated with the security value, wherein the command is required to be 
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associated with the security value if the command can be used in a malicious 
attack; and 

if the one command is required to be associated with the security value: 
checking one of the set of commands received on the server from 

the authenticated user for the security value to determine if the one 

command originated from the authenticated user, 

preventing execution of the one command if the security value is 

not found with the one command or if there is an error in the security 

value, and 

returning an error message to the authenticated user if the security 
value is not found with the one command or if there is an error in the 
security value, wherein the error message prompts the authenticated user 
for confirmation before the one command can be executed." (Emphasis 
added). 

For reasons that should be clear from the discussion of Levergood, AAPA, and Abdo set 
forth above, the combination of Levergood, AAPA, and Abdo does not disclose or suggest the 
system recited in claim 18, including the limitations "determining if the one command is 
required to be associated with the security value, wherein the command is required to be 
associated with the security value if the command can be used in a malicious attack;" "executing 
the one command if the one command is not required to be associated with the security value;" 
and "if there is an error in the security value." Rather, Abdo discloses an auto-reconnect data 
that is comprised of two different values and is for a server session. Further, the cited references 
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fail to provide the determining feature and executing feature of claim 18 and do not disclose "if 
there is an error in the security value." 

In view of the foregoing, claim 18 patently distinguishes over Levergood, AAPA, and 
Abdo individually or in combination, and Applicants respectfully request that the rejection of 
claim 18 under 35 U.S.C. §103(a) as allegedly being unpatentable over Levergood in view of 
AAPA and further in view of Abdo be withdrawn. 

With respect to independent claim 29, Applicants respectfully traverse the rejection and 
Applicants assert that Levergood in view of AAPA and Abdo does not disclose each and every 
feature of the claim. Claim 29 recites: 

"A computer program product stored on a computer readable medium for protecting a 
distributed application user, which when executed, comprises: 

program code for generating a single security value for an authenticated user of the 
distributed application provided on a server, wherein every user is authenticated prior to 
generating the security value and the security value is a pseudo-random number; . . . 

program code for determining if the one command is required to be associated with the 
security value, wherein the command is required to be associated with the security value if 
the command can be used in a malicious attack; 

program code for executing the one command if the one command is not required to be 
associated with the security value; and 

if the one command is required to be associated with the security value: 

program code for checking one of the set of commands received on the server 

from the authenticated user for the security value to determine if the one command 
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originated from the authenticated user, for preventing execution of the one command if 
the security value is not found with the one command or if there is an error in the security 
value, and for returning an error message to the authenticated user if the security value is 
not found with the one command or if there is an error in the security value, wherein the 
error message prompts the authenticated user for confirmation before the one command 
can be executed." (Emphasis added). 

For reasons that should be clear from the discussion of Levergood, AAPA, and Abdo set 
forth above, the combination of Levergood, AAPA, and Abdo does not disclose or suggest the 
system recited in claim 29, including the limitations "determining if the one command is required 
to be associated with the security value, wherein the command is required to be associated with 
the security value if the command can be used in a malicious attack;" "executing the one 
command if the one command is not required to be associated with the security value;" and "if 
there is an error in the security value." Rather, Abdo discloses an auto-reconnect data that is 
comprised of two different values and is for a server session. Further, the cited references fail to 
provide the determining feature and executing feature of claim 29 and do not disclose "if there is 
an error in the security value." 

In view of the foregoing, claim 29 patently distinguishes over Levergood, AAPA, and 
Abdo individually or in combination, and Applicants respectfully request that the rejection of 
claim 29 under 35 U.S.C. § 103(a) as allegedly being unpatentable over Levergood in view of 
AAPA and further in view of Abdo be withdrawn. 

With regard to the Office's other arguments regarding dependent claims, Applicant herein 
incorporates the arguments presented above with respect to independent claims listed above. In 
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addition, Applicant submits that all dependant claims are allowable based on their own distinct 
features. However, for brevity, Applicant will forego addressing each of these rejections 
individually, but reserves the right to do so should it become necessary. Accordingly, Applicant 
respectfully requests that the Office withdraw its rejection. 
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IV. CONCLUSION 

In light of the above, Applicant respectfully submits that all claims are in condition for 
allowance. Should the Examiner require anything further to place the application in better 
condition for allowance, the Examiner is invited to contact Applicant's undersigned 
representative at the number listed below. 

Respectfully submitted, 



Date: December 3 1 , 2008 /Elaine Chi/ 

Elaine Chi 
Reg. No.: 61,194 

Hoffman Warnick LLC 
75 State Street, 14 th Floor 
Albany, New York 12207 
(518) 449-0044 
(518) 449-0047 (fax) 



10/630,283 



Page 21 of 21 



